External-Mirrors/keycloak
2
0
Fork 0
mirror of https://github.com/keycloak/keycloak.git synced 2026-01-10 15:32:05 -03:30
Code Issues Packages Projects Releases Wiki Activity
29,629 Commits 26 Branches 288 Tags
Commit Graph

306 Commits

Author SHA1 Message Date
Giuseppe Graziano
3e8b2f8ab7
New JWT Authorization Grant Identity provider (#44176) 
Closes #43570

Signed-off-by: Giuseppe Graziano <g.graziano94@gmail.com>
 2025-11-19 09:18:23 +01:00
Stefan Guilhen
464d1a6741 Improve updating existing workflows 
- allow updating entire workflow when no scheduled tasks exist
- allow updating conditions, concurrency, and steps config when scheduled tasks exists

Closes #42618

Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
 2025-11-17 09:10:29 -03:00
Stian Thorgersen
c284f9ae66
Rename ApiUtil to AdminApiUtil (#44224) 
Closes #44196

Signed-off-by: stianst <stianst@gmail.com>
 2025-11-17 07:52:04 +01:00
Stian Thorgersen
b7815190a2
Merge GenerateKeystoreForTestUtil with CryptoKeyStore (#44223) 
Closes #44195

Signed-off-by: stianst <stianst@gmail.com>
 2025-11-17 07:51:45 +01:00
Stefan Guilhen
3319e8d9b5 Add optional parameter in WorkflowResource.toRepresentation to allow retrieval of the rep without the ids 
Closes #44183

Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
 2025-11-14 12:20:40 -03:00
Stian Thorgersen
a2c1055f8d
Proposed import order (#43432) 
* Add importOrder to Spotless

Closes #43235

Signed-off-by: stianst <stianst@gmail.com>

* Re-order imports with Spotless

Signed-off-by: stianst <stianst@gmail.com>

---------

Signed-off-by: stianst <stianst@gmail.com>
 2025-11-14 09:34:49 +01:00
Hamza Hathoute
8fb8fd5346
fix: add flag to delete-step to control user removal from federation provider 
Closes #43538

Signed-off-by: Hathoute <whitesmith.thedj@gmail.com>
 2025-11-13 22:32:11 +00:00
Vlasta Ramik
d2697232b9
Rename bind endpoint to activate 
Closes #44155

Signed-off-by: vramik <vramik@redhat.com>
 2025-11-13 22:15:33 +01:00
stianst
8dce1eff15 Migrate keys package to new test framework 
Closes #44118

Signed-off-by: stianst <stianst@gmail.com>
 2025-11-13 10:19:53 -03:00
Stefan Guilhen
da7993896d Allow ISO-8601 compatible format for the after field in workflow steps 
- aligns the format with what is used in the JPA connection provider pool max lifetime for time-based configurations

Closes #42913

Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
 2025-11-12 18:51:49 -03:00
Stefan Guilhen
7acf2ceccb Add pagination and search by name capabilities to WorkflowsResource 
Closes #44164

Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
 2025-11-12 17:18:11 -03:00
vramik
84a679224b Add operation to deactivate a workflow execution for a resource 
Closes #42124

Signed-off-by: vramik <vramik@redhat.com>
 2025-11-12 17:02:17 -03:00
rmartinc
c8c110a049 Use normal scope parameter checking for the JWT Authorization grant 
Closes #43646

Signed-off-by: rmartinc <rmartinc@redhat.com>
 2025-11-12 14:09:00 +01:00
Stian Thorgersen
2a196cb373
Split new base tests into multiple jobs (#44096) 
* Split new base tests into multiple jobs

Closes #38200

Signed-off-by: stianst <stianst@gmail.com>

* Update tests/base/src/test/java/org/keycloak/tests/suites/Base2TestSuite.java

Signed-off-by: Stian Thorgersen <stian@redhat.com>

---------

Signed-off-by: stianst <stianst@gmail.com>
Signed-off-by: Stian Thorgersen <stian@redhat.com>
 2025-11-12 10:12:32 +01:00
Pedro Igor
c23d2af65c
The admin roles manage-authorization and view-authorization should have precedence over manage-client when managing authorization settings 
Closes #43883

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2025-11-10 16:10:48 +01:00
Giuseppe Graziano
c0e34fa45f
Additional configuration and validation for jwt assertion grant (#44014) 
Closes #43873

Signed-off-by: Giuseppe Graziano <g.graziano94@gmail.com>
 2025-11-10 14:34:06 +01:00
Stian Thorgersen
d8275fe5df
Remove wildcard imports (#44060) 
Closes #44059

Signed-off-by: stianst <stianst@gmail.com>
 2025-11-10 11:46:05 +01:00
Pedro Igor
33f1dda2cf Processing workflow events asynchronously - Part 1 
Closes #42386

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2025-11-07 10:57:05 -03:00
Lukas Hanusovsky
768cea1b82
Add FIPS suite to the new tests (#43431) 
* Add FIPS test suite to the new tests

Signed-off-by: Lukas Hanusovsky <lhanusov@redhat.com>

* Tweaks to FIPS suite in new test

Signed-off-by: stianst <stianst@gmail.com>

---------

Signed-off-by: Lukas Hanusovsky <lhanusov@redhat.com>
Signed-off-by: stianst <stianst@gmail.com>
Co-authored-by: stianst <stianst@gmail.com>
 2025-11-06 14:08:19 +01:00
mposolda
b8a8be33aa Audience validation according to latest specs proposal 
closes #43984

Signed-off-by: mposolda <mposolda@gmail.com>
 2025-11-06 10:21:35 +01:00
Stian Thorgersen
6043027d99
Refactor KubernetesIdentityProvider (#43967) 
Closes #43966

Signed-off-by: stianst <stianst@gmail.com>
 2025-11-05 16:28:07 +01:00
rmartinc
5822c52a30 JWT Authorization grant should not generate refresh and use transient sessions 
Closes #43799

Signed-off-by: rmartinc <rmartinc@redhat.com>
 2025-11-05 14:17:32 +01:00
Stian Thorgersen
b278dbbb3d
Allow identity provider configuration without defaults for user authentication (#43963) 
Closes #43552

Signed-off-by: stianst <stianst@gmail.com>
 2025-11-05 10:13:40 -03:00
Giuseppe Graziano
4b443f04ee
JWT Authorization grant idp config (#43841) 
Closes #43568

Signed-off-by: Giuseppe Graziano <g.graziano94@gmail.com>
 2025-11-04 14:46:14 +01:00
Martin Bartoš
d5763b9c0b
Migrate the OTelProvider test to the new framework 
Closes #43858

Signed-off-by: Martin Bartoš <mabartos@redhat.com>
 2025-11-04 12:53:47 +01:00
Pedro Igor
2216ada20b Allow GET and PUT methods using application/yaml media type 
Closes #42687

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2025-11-03 13:09:17 -03:00
vramik
4d912a9c21 Support for YAML payloads for Admin client for creation of workflows 
Closes #43666

Signed-off-by: vramik <vramik@redhat.com>
 2025-11-03 13:09:17 -03:00
Lukas Hanusovsky
5aa05d08eb
Test Framework - new Forms test suite. (#43894) 
Signed-off-by: Lukas Hanusovsky <lhanusov@redhat.com>
 2025-11-03 15:15:10 +00:00
Lukas Hanusovsky
0dbcfeb9d0
Test Framework - new Login V1 test suite. (#43895) 
Signed-off-by: Lukas Hanusovsky <lhanusov@redhat.com>
 2025-11-03 15:08:12 +00:00
vramik
ece96e397e Make set creadential label use reset-password scope 
Closes #43460

Signed-off-by: vramik <vramik@redhat.com>
 2025-11-03 07:57:58 -03:00
Stian Thorgersen
d0a7225b3d
Allow CORS Access-Control-Allow-Headers customization (#43767) 
Closes #12682

Signed-off-by: stianst <stianst@gmail.com>
 2025-11-03 06:39:44 +00:00
Alexander Schwartz
52ba359cc3
Make client and IDP required when using federated client authentication (#43890) 
Closes #43889

Signed-off-by: Alexander Schwartz <alexander.schwartz@gmx.net>
 2025-11-03 07:21:55 +01:00
Stian Thorgersen
1048c8d9c9
Filter out non-user authentication IdPs from account and login (#43798) 
Closes #43553

Signed-off-by: stianst <stianst@gmail.com>
 2025-10-31 12:40:04 +01:00
rmartinc
f92adda310 Improve JWT Assertion Validation using client validators 
Closes #43642

Signed-off-by: rmartinc <rmartinc@redhat.com>
 2025-10-31 11:58:08 +01:00
Pedro Ruivo
e40c5de050
Session cache affinity 
Closes #42776

Signed-off-by: Pedro Ruivo <1492066+pruivo@users.noreply.github.com>
Signed-off-by: Alexander Schwartz <alexander.schwartz@gmx.net>
Signed-off-by: Alexander Schwartz <alexander.schwartz@ibm.com>
Co-authored-by: Pedro Ruivo <1492066+pruivo@users.noreply.github.com>
Co-authored-by: Alexander Schwartz <alexander.schwartz@gmx.net>
Co-authored-by: Steven Hawkins <shawkins@redhat.com>
Co-authored-by: Alexander Schwartz <alexander.schwartz@ibm.com>
 2025-10-30 21:01:09 +00:00
Stian Thorgersen
be6a3814fb
Add CORS support to OIDC dynamic client registration endpoints (#43625) 
Closes #8863

Signed-off-by: stianst <stianst@gmail.com>
 2025-10-30 12:12:08 +01:00
Tomáš Kyjovský
4c64b7189c
Deprecate org.keycloak.common.util.Base64 
Closes #43370

Signed-off-by: Alexander Schwartz <alexander.schwartz@ibm.com>
Signed-off-by: 1867605+tkyjovsk@users.noreply.github.com
Co-authored-by: Pedro Ruivo <1492066+pruivo@users.noreply.github.com>
Co-authored-by: Alexander Schwartz <alexander.schwartz@ibm.com>
 2025-10-30 09:12:14 +01:00
Giuseppe Graziano
759e062131
JWT Authorization grant client configuration (#43685) 
closes #43567

Signed-off-by: Giuseppe Graziano <g.graziano94@gmail.com>
 2025-10-29 08:45:51 +01:00
Stefan Guilhen
3751bc050d Workflows enhancements 
- Allow specifying a parameter in events to better tie workflows to more specific events (e.g. user-role-added(name-of-role))
 - Make workflows 'if' and 'on' fields use expressions by default
 - Fix condition evaluation inconsistencies by having a single param for each condition
 - Remove need to use double quotes for condition parameters
 - Reference groups by path instead of id in conditions

Closes #43137
Closes #43536
Closes #43537
Closes #43661
Closes #43715

Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
 2025-10-27 07:20:59 -03:00
vramik
b5ed45f2a0 Ability to define workflows with YAML 
Closes #42687

Signed-off-by: vramik <vramik@redhat.com>
Co-authored-by: Pedro Igor <pigor.craveiro@gmail.com>
 2025-10-23 09:33:50 -03:00
vramik
b1c0c15ad5 Add validation for Workflwow, Condition and Steps fields 
Closes #43559

Signed-off-by: vramik <vramik@redhat.com>
 2025-10-23 09:33:35 -03:00
Pedro Igor
2b785425fa Allow managing realm admin roles if the the realm-admin role is granted 
Closes #43579
Closes #43578

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
Co-authored-by: Vlasta Ramik <vramik@users.noreply.github.com>
 2025-10-23 08:02:05 -03:00
Giuseppe Graziano
a25a0268de
Experimental feature for JWT Authorization Grant (#43624) 
Closes #43444

Signed-off-by: Giuseppe Graziano <g.graziano94@gmail.com>
 2025-10-22 15:34:33 +02:00
Stian Thorgersen
f6ac64907d
SPIFFE should support OIDC JWK endpoint (#43651) 
Closes #43650

Signed-off-by: stianst <stianst@gmail.com>
 2025-10-22 15:19:56 +02:00
Pedro Igor
c5b560e2d8
Update user profile to allow returning a brief user representation 
Closes #42225

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
 2025-10-21 12:52:31 +02:00
Stefan Guilhen
657105bb41 Improve WorkflowRepresentation.Builder, changing concurrency(true) to concurrency().cancelIfRunning() for better clarity 
Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
 2025-10-20 10:54:53 -03:00
vramik
4dc398354a Restart workflow basen on concurrency/cancel-if-running option rather than reset-on option 
Closes #42911

Signed-off-by: vramik <vramik@redhat.com>
 2025-10-17 10:06:43 -03:00
Stefan Guilhen
4985fa25c6 Add restart step provider, replacing the recurring config option 
Closes #42910

Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
 2025-10-16 11:49:14 -03:00
vramik
4c4a333365 Disable GroupTest#createMultiDeleteMultiReadMulti for MSSQL 
Closes #42166

Signed-off-by: vramik <vramik@redhat.com>
 2025-10-15 14:34:05 -03:00
Stian Thorgersen
5c5905fed3
Fix SPIFFE client authentication when iss claim is included (#43428) 
Closes #43394

Signed-off-by: stianst <stianst@gmail.com>
 2025-10-14 13:20:51 +02:00